Which One? / vs ÷, · vs ×

When performing a mathematical calculation by hand, what symbol do you use to signify division? Do you use a slash (/), a horizontal line with the numerator and divisor above and below, or the divide (÷) symbol? Personally, I use one of the first two, depending on the context. And, I can’t remember the last time I used ÷. However, a good estimate would be back in grade school.


(Web) Standards: Apple is Doing it Wrong

Standards are not about vendor lock-in (or in the case of Apple, vendor lock-out), they are about interoperability. Apple’s recent HTML5 showcase, more appropriately named Safari Showcase, reveals Apple does not understand standards. Locking out browsers, as Apple does in their showcase, is not a best practice or in any W3C specification. Apple’s quest against Adobe and Flash is not noble—don’t get me wrong, I hate Flash. They are not embracing standards, they are embracing something they can control.


Notes on Trustworthy Computing

How much is security worth to you? What about freedom? Currently, the Internet is akin to the Western United States in the 1800s. It is mostly a lawless land, unorganized, untaxed, and full of roaming bad guys. The commercial sector is exploiting it more and more and, in turn, is being harassed by the bad guys (crackers). Some foolish individuals, and organizations, wish to expel all of the bad guys from the Internet, and fund it with a tax on all Internet connections. Not only is this an ineffective waste of everyone’s money, it will make things worse.

Microsoft’s Scott Charney wishes to frame the issue of computer viruses in the same manner as their biological counterparts. He boasts, “I actually think that the health care model, particularly related to the World Health Organization and the Center for Disease Control … might be an interesting way to think about the problem.” While the idea itself is not new, the implications tend to draw heated debate. And, after the H1N1 and Avian Flu scares that did not materialize during the last decade, following too closely in the footsteps of the WHO and CDC would be foolish. However, having a procedure for containing and cleaning up a virus outbreak is beneficial.

Charney continues, “Why don’t we think about access providers who are doing inspection and quarantine, and cleaning machines prior to access to the Internet?” With the bandwidth shaping technologies out today, a third-party real-time traffic scanner for malicious activity is possible. However, the first hurdle to this is the issue of privacy. With the real-time scanner, the carrier could look at data that was once forbidden. Looking at packet destination won’t work as botnets become more sophisticated and operate in a more peer-to-peer fashion. Thus, content analysis will become necessary. This will drive both the botnets and legitimate users to encrypt all network traffic. That is the second issue: real-time scanners will become ineffective in the arms race against the bad guys.

Creating a WHO of computer viruses will cost money. Charney suggests a compulsory internet tax for all connected individuals. He even goes as far as suggesting that “…it’s a public safety issue…” Since when has the Internet been vital for public safety? If we, as a global community, are so dependent on the Internet for day-to-day life, maybe the role of the Internet needs to be rethought. Twenty years ago, most people had never heard of the Internet. Today, most use the Internet just for logging into Facebook and playing Farmville or some other worthless time sink. Contrary to what Hollywood would have you believe, infrastructure–such as nuclear power plants–does not have vital components exposed to the Internet (e.g. the plot in Live Free or Die Hard could not happen). Why should one, who is responsible and maintains good security practices, pay to clean up the computer of some idiot who still believes that a Nigerian prince is going to give him (or her) a large sum of money? Recent viruses have not been self-propagating, and the idea that the actions of one idiot will cause everyone else to get infected is invalid. The last major auto-infecting worm was Blaster, and that was back in 2003 (Sasser does not count as a patch was available before it went public).

If a WHO of computer viruses is necessary, maybe it should be funded the same way that the quit-smoking organizations are: charging the software vendors. Microsoft, in particular, should pay. It is their insecure OS (Windows XP), and their ignorant user base that has caused the problem. They need to educate their users as to why UAC is good, and should not be disabled or ignored. Mr Charney, that is your organization, do not push your burden onto us.

Read Scott Charney’s RSA 2010 Keynote.

-John Havlik

[end of transmission, stay tuned]

Mixed Colorspace

Colors are important; having the correct one can make or break a design. That is why professionals and even some enthusiasts spend copious amounts of money (well maybe not quite that much) on devices to ensure that when a color is picked, it looks the same on print and on the screen. Even with these devices, there are many pitfalls on the computer side.

Case in point: what looks like a rich crimson in improperly color-managed Firefox, The Gimp, and Windows Paint is actually a rusty maroon in color-managed Windows Explorer, and Firefox (when set to manage CSS colors in conjunction with profiled images). While this is better than in Windows XP, it is still annoying.

When Microsoft redid the graphics driver framework for Vista, they should have forced color correction onto the graphics drivers. That way, all applications would use the same color translation LUT and individual applications would not have to be aware of color profiles. Maybe they could do this for Windows 8 (then one could be in one of those “Windows 8 feature was my idea” commercials).

-John Havlik


goto code_hell;

code_hell: echo 'Yes, PHP 5.3 has the goto operator';

In one’s opinion, the only people that should be allowed to use the goto operator are expert assembly language programmers (and you are not one). Besides, most things written in PHP are not “low level” enough to warrant the use of goto. However, if you must use the goto operator, please do so responsibly. Use it as if it costs $10,000 per use, and properly document what’s going on.

-John Havlik
